Chris K. Karlof and Umesh Shankar

We present the results of a usability study of Doppelganger, a novel system for managing HTTP cookie policies in a web browser. Doppelganger's goal is to infer personalized, privacy-preserving cookie policies in a mostly automated fashion, interrupting the user only rarely and asking intuitive questions when it does so. Using eighteen subjects, our study compared Doppelganger to two existing browser policies: the Default, allow-all policy, and the Ask policy, which requires users to make cookie decisions manually. We asked subjects to represent the stated privacy preferences of a hypothetical person while they completed a script of common web browsing tasks. We measured traditional usability metrics, such as task completion rate, but unlike most previous cookie usability studies, we also evaluated privacy performance, measured by the number of sites whose cookies were accepted during the session. In terms of the privacy metric, we found that Doppelganger performed better than the fully-manual Ask policy and far better than the Default policy. Ease of use was in between the two. We discuss usability changes suggested by subjects' performance and direct comments as well as lessons we learned to make future usability studies of Doppelganger and other cookie management tools more effective.

BibTeX citation:

@techreport{Karlof:EECS-2007-116,
Author = {Karlof, Chris K. and Shankar, Umesh},
Title = {A Usability Study of Doppelganger, A Tool for Better Browser Privacy},
Institution = {EECS Department, University of California, Berkeley},
Year = {2007},
Month = {Sep},
URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-116.html},
Number = {UCB/EECS-2007-116},
}